All language subtitles for 2. Capture frames packets segments

Okay, so I'm going to open up a web browser from PC1 to the server. The server's IP address, and this is a Linux server, is 10.1.1.100. I used the command ifconfig to see the server's IP address. So what I'll do is start capturing traffic between the PC and the switch. GNS3 makes this very easy. It allows us to capture traffic directly within the topology rather than having to install a hub or a wire tap or something to see the traffic.

So I'm going to capture the traffic between the PC and the switch, and we'll be able to see exactly what's going on within this Wireshark capture. So you can see that we've got spanning tree traffic, we've got CDP traffic, dynamic trunk protocol traffic already displayed and being captured by Wireshark. What I'm going to do, however, is filter for HTTP. There's no HTTP traffic at the moment, but what we'll do is open up a web browser on the PC and connect it to the server. So let's use PC1, open up a web browser. I'm going to browse to 10.1.1.100, which is the server, and as you can see there are web pages displayed. That's nothing fancy, it's just a basic web page hosted on the server, but it's enough for us to see what's going on.

So in Wireshark you can see that traffic was sent from a source IP address 10.1.1.1 to a destination IP address of 10.1.1.100. This is HTTP traffic. You can see the protocol there is HTTP. You can see the length, you can see that it's an HTTP GET. In other words, the PC is trying to get a web page from the server. Now before I go through the Wireshark capture in more detail, let's explain some of the basics that you see in Wireshark. The first thing you see is a frame. Now in networking, this is known as layer 2 of the OSI model. Information captured here is known as frames. So this is known as a frame. We've captured an Ethernet II frame. In other words, we've captured traffic on Ethernet. There are different types of Ethernet frames, but Ethernet II is the most common. The source MAC address is a VMware host, destination MAC address is this. So the source MAC address is the PC. This PC is actually running inside VMware. If I type ipconfig /all you'll be able to see the MAC address of the host, 00:0c:29 ending in dc:d7, and hopefully that's what we see over here. So notice the MAC address is dc:d7. So notice this MAC address is the MAC address of the PC; the destination address is this. That's the MAC address of the server.

Notice the MAC address over here, 36:e4:5c:40:91:82. There you go. That's the IP address of the server, MAC address of the server. Here's the IP address of the PC and the MAC address of the PC. So in networking we use the term frame at layer 2. You get different types of frames on Ethernet, typically Ethernet II. But on a WAN connection or wide area network connection you could be using something like Point-to-Point Protocol or PPP, or HDLC, or in the old days you had encapsulations like Frame Relay or ATM. In other words, the layer 2 frame changes depending on the physical technology that you're using. The most common technology today is Ethernet; the most common Ethernet frame type is Ethernet II. So this is known as a frame. Now just to make it more confusing, in Wireshark they talk about frames here as well, but this is actually just metadata used within Wireshark that tells us about the frame. So again, this is just metadata; we don't typically talk about that as a frame in networking. This is known as a frame. This is known as layer 2 in the OSI model. Now I've included a section following this video that talks about OSI and the OSI model. So if you're not used to the OSI model or you're not quite sure what it's about, have a look at those videos. If you know about the OSI model then skip those videos.

And again, if you want more information, have a look at my CCNA course. So this is a frame. At layer 3 we have what's called a packet. So when we refer to the layers in the OSI model we use terms such as frame at layer 2, packet at layer 3 and segment at layer 4. At layer 3 we've captured the IP version 4 addresses. So this is IP version 4 information. The protocol used at layer 4 is IP version 4. What we'll do actually at this point is stop my Wireshark capture so that the capture that I share with you isn't too big. And I'll save this as basic Wireshark capture 1. Notice it's a pcapng file; that will be a pcap next generation Wireshark file. So that's the file that you'll download and you'll be able to do something similar to what I've done here.

So again, protocol at layer 3 is IP version 4, source IP address is this, destination IP address is this. IP version 4 contains a lot of information: differentiated services code point, or differentiated services field, DSCP. Differentiated services code point is to do with quality of service. Quality of service, or QoS, allows us to differentiate some traffic types from others. So in other words we could say that voice traffic is more important than FTP traffic. So when you make a voice call it should be prioritised over File Transfer Protocol or FTP traffic.

This is a way to indicate to the network how important the traffic is. A lot of other information is shown in this header, including as an example that the protocol used at layer 4 is TCP. So layer 4, once again: this is layer 2, frame; layer 3 is packet; layer 4 is segment. At layer 4 in the OSI model we are using TCP here, and you can see source and destination port numbers. HTTP or Hypertext Transfer Protocol uses the well-known port number of 80. The server was listening on port 80. That's why when the client made a connection to the server the web page displayed: the client initiated a session to port 80. The server was listening on port 80. It served, because it's a server. It served a web page to the client. In this case using the protocol HTTP, so it basically has this page, this web page, hosted on its hard drive, and it served that page to the client when the client connected on port 80. The client uses this random port number, or ephemeral port number to use the correct term, so it connects to the server using an ephemeral or random port number going to a well-known port number of 80, and then you can see here the application used is Hypertext Transfer Protocol. Now in networking we talk about the OSI model, but typically it's a hybrid model between the TCP/IP model and the OSI model.

At the top of the OSI model we have application, presentation and session. Those layers are often grouped into a single layer called application. So notice we have layer 2 here. Layer 1 is the physical medium, so that's not shown in the Wireshark capture. The physical medium here is Ethernet; it could be copper or it could be fiber. In our example this is just a virtual network, but in the real world this would be physical Ethernet, in this case perhaps copper, so the physical medium is copper. So that's the physical connection; here it's just a virtual, logical connection. So layer 1 is physical, layer 2 is data link, or in this case it's Ethernet, layer 3 is network, in this case we've got IP, layer 4 is transport, in this case it's TCP, and then the top three layers are kind of combined into one layer, the application layer. So notice Hypertext Transfer Protocol. And inside here we can see details such as the client used. It shows up as Windows NT 10, Win64, 64-bit, using a browser Mozilla 5.0. So in this example I'm actually using Microsoft Edge. That's the browser used within Windows 10. So this is a Windows 10 virtual computer. In other words, it's virtualized.

I'm actually running on a Mac here, recording on a Mac, but I'm running VMware which allows me to virtualize multiple devices within my GNS3 topology. So the Wireshark capture sees the client as a Windows 10 computer, which is correct, using 64-bit Windows. Mozilla is the browser; it's actually Microsoft Edge. And then the server replies back. Notice in the server example the MAC addresses are all swapped round. In this example I've got a layer 2 switch. A layer 2 switch means that it's just simply switching frames, in other words layer 2 data, from one port to another. It's not trying to route the data from one network to another. These two hosts are in the same subnet or the same network. So the switch is simply switching the traffic from one port to another. So in this example the IP addresses are swapped round and so are the MAC addresses. Going back to the first example, notice source MAC address is this, destination MAC address is this. When the server replies, those are simply swapped around, so the server is replying with its MAC address as the source, destination MAC address is the Windows computer. IP addresses are swapped round and so are port numbers. And if we look at the Hypertext Transfer Protocol, notice we can see the server says 200 OK. 200 means that the server was able to provide the data to the client.

We didn't have a 404 HTML error, as an example; some data was provided to the client. Notice you can see here the actual web page that was served to the client, so you can see it says Networkers Toolkit. You can see the PNG file. Notice Networkers Toolkit. And if I look at that web page on the client, notice you can see the output here. It says WWW files located at /var/www/html, and if we look here that's actually what you see: files located at /var/www/html. So if I scroll to the right, notice you see the full output. You get to root after logging in; notice it told you you can place files in tftpboot, and that's exactly what you see over here. So Wireshark has read the HTTP traffic. Be careful with HTTP: it's clear text, so through Wireshark you can see exactly what's going on here. The client is trying to get the PNG image, so it's trying to get the actual PNG image, and the server, which is an Ubuntu server, is providing the PNG file. So that's the actual file, and you can actually export that, and I'll do this again in other videos, but let's do it right now. GNS3 image: so I'm going to export that to my desktop, and on my desktop I'm going to change that to a PNG file, and then when I open it up, notice there's the actual image.

So Wireshark captured all the data from the server as well as the image. And that's the image that we have on the server. So once again, to do that, click Portable Network Graphics, because it's a PNG file, and then go Export Packet Bytes, save it to your hard drive. So I'm going to save it once again as GNS3 image 2, and then I'm going to rename it. So it saved it as a bin file; I'm going to rename that as PNG because it's a PNG file, and then when I open it up you can see that it's a PNG file and there's the actual image. So you can see here it's getting the favicon and then we're getting an HTTP 404 error, something not found. So something went wrong here. But the point is that you can read the actual HTTP traffic, and remember, because these devices are on the same subnet, all that happens is the MAC addresses are swapped around, IP addresses are swapped round, port numbers are swapped around during that communication. So source IP is host, yes, source IP is the server. So when the server replies back it's replying back from port 80 to the client. So that was a very basic example of using Wireshark to see what's going on in the network. Were you able to download the pcap file? Were you able to open it up in Wireshark and actually do something similar to what I've done here?

There's no better way to learn than to practically use Wireshark, capture frames and see for yourself what's going on. I've made it a little bit more simple by giving you some pcap files, but hopefully they mean something because you're using the actual files that I'm recording right now rather than just some random file that you got off the Internet. Now please note it means a lot to me if you provide feedback on the course. So if you're enjoying the video then please say so. If you get prompted to leave a review and you're enjoying the course then please do that, because it helps other students and helps me make the course better. Let me know how I can improve the course as well.
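The layering the video walks through (Ethernet II frame, IPv4 packet, TCP segment, HTTP on top) and the MAC/IP/port swap on the server's reply, as an added example written for this page rather than code from the course, GNS3 or Wireshark: it builds a constructed two-frame HTTP exchange using the lab's addresses and decodes each layer with the standard library only. The PC's middle MAC octets, the ephemeral port 49152 and the request/response bytes are constructed; DSCP is decoded from the IPv4 header as the video describes.

```python
import struct

# Constructed sample addresses following the video's lab: PC1 (VMware OUI 00:0c:29,
# MAC ending dc:d7, middle octets constructed) and the Linux server 10.1.1.100,
# both on the same subnet, so a layer 2 switch just swaps the addresses on the reply.
PC_MAC, PC_IP = "00:0c:29:11:dc:d7", "10.1.1.1"
SRV_MAC, SRV_IP = "36:e4:5c:40:91:82", "10.1.1.100"

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload, dscp=0):
    """Wrap application bytes in a TCP segment, an IPv4 packet and an Ethernet II frame."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    # Ethernet II header: destination MAC, source MAC, EtherType 0x0800 (IPv4)
    return bytes.fromhex(dst_mac.replace(":", "") + src_mac.replace(":", "")) + b"\x08\x00" + ip + tcp

def parse_frame(data):
    """Decode the layers the way Wireshark labels them: frame, packet, segment, application."""
    eth_type = struct.unpack("!H", data[12:14])[0]
    layers = {"frame": {"type": "Ethernet II", "dst_mac": mac_str(data[0:6]),
                        "src_mac": mac_str(data[6:12]), "ethertype": eth_type}}
    if eth_type != 0x0800:          # not IPv4 (e.g. ARP 0x0806): stop at layer 2
        return layers
    vihl, tos, total_len, _, _, ttl, proto, _, sip, dip = struct.unpack("!BBHHHBBH4s4s", data[14:34])
    ihl = (vihl & 0x0F) * 4
    layers["packet"] = {"version": vihl >> 4, "src_ip": ".".join(map(str, sip)),
                        "dst_ip": ".".join(map(str, dip)), "dscp": tos >> 2, "ttl": ttl, "protocol": proto}
    if proto != 6:                  # not TCP: stop at layer 3
        return layers
    t = 14 + ihl
    sport, dport, _, _, doff = struct.unpack("!HHIIB", data[t:t + 13])
    layers["segment"] = {"src_port": sport, "dst_port": dport}
    payload = data[t + (doff >> 4) * 4:14 + total_len]
    # HTTP is clear text, so the request or status line is readable straight from the bytes
    layers["application"] = payload.split(b"\r\n", 1)[0].decode("ascii", "replace") if payload else ""
    return layers

def is_reply(req, rep):
    """Same-subnet exchange: MACs, IPs and ports are simply swapped round on the reply."""
    return (req["frame"]["src_mac"] == rep["frame"]["dst_mac"]
            and req["frame"]["dst_mac"] == rep["frame"]["src_mac"]
            and req["packet"]["src_ip"] == rep["packet"]["dst_ip"]
            and req["packet"]["dst_ip"] == rep["packet"]["src_ip"]
            and req["segment"]["src_port"] == rep["segment"]["dst_port"]
            and req["segment"]["dst_port"] == rep["segment"]["src_port"])

def capture():
    """Constructed two-frame capture: GET from an ephemeral port to port 80, and the 200 OK back."""
    get = b"GET /index.html HTTP/1.1\r\nHost: 10.1.1.100\r\n\r\n"
    ok = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>hello</html>"
    frames = [build_frame(PC_MAC, SRV_MAC, PC_IP, SRV_IP, 49152, 80, get),
              build_frame(SRV_MAC, PC_MAC, SRV_IP, PC_IP, 80, 49152, ok)]
    return [parse_frame(f) for f in frames]

if __name__ == "__main__":
    req, rep = capture()
    print(req)
    print("reply addresses are the request's swapped round:", is_reply(req, rep))
```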
